Powershell to find disabled users in Active Directory

Question

I am using this to find users that are disabled in AD:

Get-ADUser -Filter 'Enabled -eq $false' -Properties Name, SamAccountName | Select-Object Name, SamAccountName

It does not show any disabled users except the krbtgt user:

Name   SamAccountName
----   --------------
krbtgt krbtgt

What am i doing wrong?

I have disabled users in AD and they are not appearing.

Why?

Have a look at my screenshot

score 2 · Answer 1 · answered May 25 '25 at 20:15

Specify the SearchBase of your domain DN, and SearchScope Subtree.

https://learn.microsoft.com/en-us/powershell/module/activedirectory/get-aduser

Get-ADUser -Filter 'Enabled -eq $false' -Properties Name, SamAccountName -SearchBase 'DC=contoso, DC=com' -SearchScope 'Subtree'

score 0 · Answer 2 · answered May 27 '25 at 20:05

Have you considered using Search-ADAccount that would simplify the process without having to write a filter? https://learn.microsoft.com/en-us/powershell/module/activedirectory/search-adaccount?view=windowsserver2025-ps e.g. Search-ADAccount -AccountDisabled

score -1 · Answer 3 · answered May 26 '25 at 11:50

-1

This one works and return the samaccountname of all disabled accounts :

Get-ADUser -Filter 'Enabled -eq $false' -Properties Name, SamAccountName -SearchBase 'DC=contoso,dc=com' -SearchScope 'Subtree' | Select-Object SamAccountName

answered May 26 '25 at 11:50

RCDevs Security

71

Powershell to find disabled users in Active Directory

3 Answers3